Dependency Report

Project: netbeans

Report Generated On: Mar 9, 2014 10:05:35 AM

Dependencies Scanned: 291 (show all)
Vulnerable Dependencies: 14

Dependencies

antlr-2.7.6.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/antlr-2.7.6.jar
MD5: 97C6BB68108A3D68094EAB0F67157962
SHA1: CF4F67DAE5DF4F9932AE7810F4548EF3E14DD35E

Identifiers

  • None

log4j-1.2.9.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/log4j-1.2.9.jar
MD5: 6A44D84B72897F28189F4792E2015B93
SHA1: 55856D711AB8B88F8C7B04FD85FF1643FFBFDE7C

Identifiers

  • None

ServiceTest.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ServiceTest.jar
MD5: BC48B054119DCA831DA1E28B08EE15BE
SHA1: 14D005CBCCC68CC1AC96EEE5A10A51A7521BB596

Identifiers

  • None

smack.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/smack.jar
MD5: 362DD4C2FC9B23A33D47272456DD0C39
SHA1: 916A0FE08D840A08C950F49FB59B961E14D673B8

Identifiers

  • None

ant-jsch.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-jsch.jar
MD5: 35447BD48B42B376A36AFFF93A54D4C7
SHA1: 914AAB9A9C0E5E9C112B950F1DE6886E4116C086

Identifiers

  • None

org.eclipse.mylyn.commons.core_3.3.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org.eclipse.mylyn.commons.core_3.3.1.jar
MD5: 3472277DC768B11275E8FD98E62BDCF2
SHA1: 7D3CCD3ED4DB57F2B746F5ABAF86D10F222AEB87

Identifiers

  • None

svnjavahl-1.6.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/svnjavahl-1.6.0.jar
MD5: 4395D2CF7D72479D29F7304803F367CC
SHA1: 0A79F5191E5F3FE372E8B88EA1B32D6D044CCA99

Identifiers

CVE-2009-2411  

Severity: High
CVSS Score: 8.5
CWE: CWE-189 Numeric Errors

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Vulnerable Software & Versions:

cglib-2.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/cglib-2.2.jar
MD5: 54BD85D9EBE3F194EDBA210FE0E5F255
SHA1: 97D03461DC1C04FFC636DCB2579AAE7724A78EF2

Identifiers

  • None

org-openide-text_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-text_ja.jar
MD5: 0FF64076E0A109A152A93F5ECD55C679
SHA1: 92281EFA201FB8A368FC23B91FDE411A5DC5F9F4

Identifiers

  • None

FastInfoset.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/FastInfoset.jar
MD5: E1964166B47BC70F8A7904D8977CF837
SHA1: 9783E658208F1C6862B0641E2B241C065EADC251

Identifiers

  • None

commons-collections-2.1.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-collections-2.1.1.jar
MD5: 9B47AE4871F91707617DDA4EF1509B2C
SHA1: 017C599CFCC98D31CE2D2688B4F8826BBEB9AA98

Identifiers

  • None

nbi-engine.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/nbi-engine.jar
MD5: D0B51043BB3C20FC97C0E9539EDDB1E1
SHA1: F4227C3C9FB55510216AD9E3E1002CACC0EC7963

Identifiers

  • None

ant-apache-bsf.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-bsf.jar
MD5: D006935918143C26BED5BF0BBA4367BF
SHA1: 513533527C14F786D99EFB81ED2F04CD42BBEB04

Identifiers

  • None

org-apache-tools-ant-module.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-tools-ant-module.jar
MD5: 0C8E1B709FFC5E059C74A7E1C72C18CD
SHA1: 02253BF5058D74956923ABFE2E65E9C384D1E4F0

Identifiers

  • None

org.eclipse.mylyn.bugzilla.core_3.3.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org.eclipse.mylyn.bugzilla.core_3.3.1.jar
MD5: 747203ADB259487F4EC554ABFB58D09F
SHA1: 94408B54D039DA036A668C6B331EF944AF2E90EC

Identifiers

  • None

org-apache-xml-resolver_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-xml-resolver_ja.jar
MD5: 5D0A5EC2A855164DCD81C96EE98EF466
SHA1: 878982FB8B027EFFC7C282C25D9A00A19C5A0353

Identifiers

  • None

winp-1.14-patched.jar

Description: Kill process tree in Windows

License:

MIT license: http://www.opensource.org/licenses/mit-license.php
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/winp-1.14-patched.jar
MD5: 1ABE20C10DEA7226C1ABBB9640F2D4C1
SHA1: C9757EFB2CFBA523A7375A78FA9ECFAF0D0AC505

Identifiers

  • cpe: cpe:/a:killprocess:killprocess:1.14   

CVE-2005-2947  

Severity: Medium
CVSS Score: 5.1

Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource.

Vulnerable Software & Versions:

servlet-2.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/servlet-2.2.jar
MD5: 0C4DD70BA39DA39B7CD4D7ABE1E9A5BB
SHA1: 85F9EE8921A08E5478118005D5829C6A1637374B

Identifiers

  • None

nottaDirE-1.2.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/nottaDirE-1.2.3.jar
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

Identifiers

  • None

org-openide-explorer_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-explorer_zh_CN.jar
MD5: 7C7654756FB7BCD1158E2324E2E43E53
SHA1: 996C9AE497A82D7AB99509A0302BC85343929D6F

Identifiers

  • None

org-openide-util-enumerations_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util-enumerations_ja.jar
MD5: FC07BE9A1EF3B6EFFC8C83B50CCDF5D0
SHA1: 094667272713643DEF9DABBDBF821010D3E32641

Identifiers

  • None

jstl.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jstl.jar
MD5: C2CED5F8505FE9D1CAE685201E9CBA07
SHA1: 3375E43C620DF4F1114959400FF9BB90D12A2FEB

Identifiers

  • None

jaxb-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxb-api.jar
MD5: CC9E4D0FB397B4AB294A4BDDE36177EB
SHA1: BCF23B1D858C6F69D67C851D497984D25345D0B1

Identifiers

  • None

commons-logging-1.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-logging-1.1.jar
MD5: 6B62417E77B000A87DE66EE3935EDBF5
SHA1: BA24D5DE831911B684C92CD289ED5FF826271824

Identifiers

  • None

ant-commons-net.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-commons-net.jar
MD5: 9FE1414077E298857436763FDBD5BF28
SHA1: 457AD9798B57E9D9E0CB5125D05FCD5B62D2A616

Identifiers

  • None

build.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/build.jar
MD5: CF8ACB70A119A370D3B8FB32D939EA14
SHA1: 77240A6D5EF946B35F6D7B9C3510C3AE53FCA2E3

Identifiers

  • None

woodstox.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/woodstox.jar
MD5: 94B4BE97C785B3F4A6DADA4D80A9779A
SHA1: BF92F1C71612D4AED212F9BC39C69716978AEF5A

Identifiers

  • None

org-openide-actions_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-actions_zh_CN.jar
MD5: D56B3797621844A63B7159CEBEDC75C5
SHA1: D47B4A54C989302ED58AE219216B5C9AE06B8AE0

Identifiers

  • None

hibernate-tools.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/hibernate-tools.jar
MD5: E58E8F9A75817F0FDDA1314110FA7F9E
SHA1: 476030C7A1DDE64ED946245575759590101583CA

Identifiers

  • None

nottaDir-1.2.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/nottaDir-1.2.3.jar
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

Identifiers

  • None

ant-jmf.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-jmf.jar
MD5: A6BCEC143CB9C3E04BDEE40EB53C0307
SHA1: D6A118EE8947ED76E647620BF948B470510320CC

Identifiers

  • None

jaxb-xjc.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxb-xjc.jar
MD5: A8AEF9F1B3431B4CAA035DC8B2761192
SHA1: 96467B06E25C79F69A9696EEDD34FA43B645A9D9

Identifiers

  • None

ant-junit.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-junit.jar
MD5: 12FDBD281F303A52C041B3A7421AC733
SHA1: F18330EC29146B6D7A280AC8B785AFF0330A8D3E

Identifiers

  • None

jvyamlb-0.2.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jvyamlb-0.2.3.jar
MD5: A8D1570BA468EF314D87EB68C6376C8E
SHA1: 46B7DB09C148A16ED8D6186D05D25C693DE63CA8

Identifiers

  • None

org-openide-compat.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-compat.jar
MD5: 6AE38A1E7C34EA337D4E216905CD57C7
SHA1: C8102A637985A90FDCE6C312EB4E166A66458C6B

Identifiers

  • None

org-openide-text.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-text.jar
MD5: B8D3968AF867FD2E68F9DF215B9B1E37
SHA1: F64485510DA0C3828018FBFA1FF4FC79F8F6A57F

Identifiers

  • None

stax-ex.jar

Description: Extensions to JSR-173 StAX API.

License:

Common Development And Distribution License (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/stax-ex.jar
MD5: FEA4979F8A9DAF8A473028D299A411AD
SHA1: BBDD4772AF3FEB6C9B18845FA5F1177E07456266

Identifiers

  • None

org-apache-xml-resolver_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-xml-resolver_pt_BR.jar
MD5: 1C22D6A31DF2CA58C3CB3DD55738AC6F
SHA1: 51596AB6D9B8AE0006EFA039DF0A05DF75930482

Identifiers

  • None

bytelist-0.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/bytelist-0.1.jar
MD5: 6A0738647696D277BFFF4AC7DA323141
SHA1: 886FAF4B85054DD6E50D9B3438542F432B5F9251

Identifiers

  • None

lib.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/lib.jar
MD5: 7845312B18BDC6C34C9B139123B78BC4
SHA1: 009F1483DA6C18FF1E5D24100E57B9BA4B9B1BE4

Identifiers

  • None

spring-core-3.0.2.RELEASE.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/spring-core-3.0.2.RELEASE.jar
MD5: F803BBA3FE83BEE398161BB8BB02EF3D
SHA1: 3D81822D0759A190CB6E11D80C2C020A9775206B

Identifiers

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2011-2894  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Vulnerable Software & Versions:

CVE-2011-2730  

Severity: High
CVSS Score: 7.5
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

CVE-2010-1622  

Severity: Medium
CVSS Score: 5.1
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

Vulnerable Software & Versions:

org-openide-actions_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-actions_ja.jar
MD5: AF3EA39D8BA43E85B833F169A5A563F0
SHA1: EB0600D4281023222A71374A55CDD75F140DB07D

Identifiers

  • None

felix-main-2.0.2.jar

Description: OSGi R4 framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/felix-main-2.0.2.jar
MD5: 331358996D1FDB655A80775B0AC56627
SHA1: BD5615C6A15497B60A0AAA9A04D4F05E2BC42D07

Identifiers

  • None

beansbinding-1.2.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/beansbinding-1.2.1.jar
MD5: 616D0D2875DC6082EFFFBCCC30A5D886
SHA1: C4F88C2CFC1F3F72451CDE2AA3BB1F40879801FD

Identifiers

  • None

org-openidex-util.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openidex-util.jar
MD5: 4C7F87A095769BFFBA67CAC96B3B3DAE
SHA1: A531A1CEE690EFF98BFFAD20A5FFC5F8FF2B980B

Identifiers

  • cpe: cpe:/a:pro_search:pro_search:1.6   

org-openidex-util_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openidex-util_ja.jar
MD5: 5862796435427FA83BE03ED14B20C519
SHA1: B8112A243E8134B73BE19CC66E30D0B55E48A32B

Identifiers

  • None

jtidy-r8-20060801.jar

Description:  JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jtidy-r8-20060801.jar
MD5: 3C0739C6778E4D3A53E2348B3147C727
SHA1: 788E89775EEAA0F4E77742EC8336C75B7CFF6146

Identifiers

  • None

ant-antlr.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-antlr.jar
MD5: F3778BCA2337840467660A764AAD0DA6
SHA1: 1EA8C77231D5BE134C9AFB85BE18CB338E915DB8

Identifiers

  • None

jaxws-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxws-api.jar
MD5: E9B0A89D2B443367E99CF09E85E40550
SHA1: B0C275008DC6517C61F3D63A999D905DBF2CBB8B

Identifiers

  • None

resolver-1.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/resolver-1.2.jar
MD5: 038E7A49461524D9F81FB93BFB4FB6A3
SHA1: B0D0FCBAC68826D2AFA3C7C89FC4D57B95A000C3

Identifiers

  • None

ant-launcher.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-launcher.jar
MD5: 625025DD44332C859390FAD91CEF06A3
SHA1: C99D018FCC43A1540E465B9A097508B19075198C

Identifiers

  • None

ant-apache-bcel.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-bcel.jar
MD5: B60670E131116EA75950D097D49CA4D8
SHA1: AC5C65D5ECEA6B14900956155552586B14ACA34A

Identifiers

  • None

org-openide-loaders_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-loaders_ja.jar
MD5: 5B9BB4335811250C25428F4B24D832BA
SHA1: 34802D84CC5CFA971A3F04936C0C763876D10830

Identifiers

  • None

j2se-simple.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/j2se-simple.jar
MD5: 6510AD08752BAE683FE5921D7E28ECFB
SHA1: 43E7DA1B71BE78DFD6EC264C1EC4BFA4AF346011

Identifiers

  • None

org-openide-windows_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-windows_zh_CN.jar
MD5: 79E9E7BF614A186EC5F000097EDA0661
SHA1: A2BBFB1530093F6B47B1335B7D25ECBC28F6B39C

Identifiers

  • None

org-openide-loaders_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-loaders_zh_CN.jar
MD5: 23029ABA35DEA331E7335047D80DF7C5
SHA1: A556B544B9414BA7043752520DAC3F336CA7C0DC

Identifiers

  • None

tags.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/tags.jar
MD5: 2138DE66A0FADF25A13C555E82EFC330
SHA1: 2AD70365C0F96276313485A643493150751F784F

Identifiers

  • None

org-apache-tools-ant-module_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-tools-ant-module_ja.jar
MD5: 59328C5DD1FCFDE900362EBF5137CB2A
SHA1: C3C789B7EC13DEFF86E199A162628D40C2F019B3

Identifiers

  • None

org-openide-awt_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-awt_pt_BR.jar
MD5: 3799C79E9300AD0025A33F301F0BBBED
SHA1: F59AC22817A080E855B36E1DA95C88892BC131B6

Identifiers

  • None

hibernate3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/hibernate3.jar
MD5: 6B3A5EFD05BBB7F13B4DC1B8BA987FCC
SHA1: 7A43B0D8D9F73398D4405ECE0EC8136359528B1E

Identifiers

  • None

jfluid-server-cvm.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jfluid-server-cvm.jar
MD5: 61EAFB13D5BC8726AF52366468311588
SHA1: 93160715E32A440E2DC24E27F49E31DE45409E76

Identifiers

  • None

standard.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/standard.jar
MD5: 65351D0487AD57EDDA9171BB3B46B98C
SHA1: A17E8A4D9A1F7FCC5EED606721C9ED6B7F18ACF7

Identifiers

  • None

data.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/data.jar
MD5: 89A057075167D52344A8C2CC4023D32E
SHA1: 23EFE2CF3EA1A4F09D4D8EDDAE78110962DC9508

Identifiers

  • None

gmbal-api-only.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/gmbal-api-only.jar
MD5: E260B7BF2327759A5A68D859BFAF528B
SHA1: E52D27A0C2947496ACF16B05BD36C6C1950BC0CE

Identifiers

  • None

jsr250-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jsr250-api.jar
MD5: 9D05422C8F5C6C314DF26284861506A1
SHA1: 2063D5E1D61188D5BABFC7A8D88ABDE109F8063D

Identifiers

  • None

asm.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/asm.jar
MD5: 8A687877EB19F83B8E62AC51D3499C35
SHA1: 2D70DD1FB76FCC49C131C6D841D62532870909D0

Identifiers

  • None

org-openide-awt_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-awt_zh_CN.jar
MD5: 10F1DFB4FF35BBAD45348FCD7E277918
SHA1: FEACE888CA1749485A2D9D3543904F5E93DADA89

Identifiers

  • None

jaxws-tools.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxws-tools.jar
MD5: 19F6FDEF41E51E601D86D13033CC64CD
SHA1: F8DA1128C269D04802BF75A81EEDC96F893FA78F

Identifiers

  • None

jakarta-oro-2.0.8.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jakarta-oro-2.0.8.jar
MD5: 42E940D5D2D822F4DC04C65053E630AB
SHA1: 5592374F834645C4AE250F4C9FBB314C9369D698

Identifiers

  • None

junit-4.5.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/junit-4.5.jar
MD5: 896973B9728A697494024163343C8112
SHA1: 7059D3D3BEDC1FCA9B33CDE8503095B3576A0BBA

Identifiers

  • None

eclipselink-javax.persistence-2.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/eclipselink-javax.persistence-2.0.jar
MD5: 9184E3EF9A9AD43F7254C1B42EBF9DF4
SHA1: 9388BAC4AEFD5CB75186C6DD8A5DF323883B4774

Identifiers

  • None

ant-apache-xalan2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-xalan2.jar
MD5: FCD8464378AB37793C73030D592CFF1D
SHA1: C789EDCB51532B9F7DAEA402AD3950CCC9954730

Identifiers

  • None

jar2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jar2.jar
MD5: 08BE294DB6D0611199B5EB4F23FB2483
SHA1: F1019E541EFF513C23A4CAF6373F88F89850AB87

Identifiers

  • None

ant-nodeps.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-nodeps.jar
MD5: 1A22D1A46D2E43414073CA695C297DAB
SHA1: 24A049C1581192602FC4E16D311D5351E6678A44

Identifiers

  • None

org-openide-nodes_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-nodes_zh_CN.jar
MD5: 1869D0B19A4E3904F51975FC89E1D233
SHA1: 85A2BBF4CE2DCDB5F4CAF18A307462B58099169E

Identifiers

  • None

http.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/http.jar
MD5: 8F78929287F46CD8F4B23674B91C7BCF
SHA1: B4AAB2892E4F24E7517826D78786CC24BE5B6A2D

Identifiers

  • None

org-openide-modules.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-modules.jar
MD5: 4E3D1E63964E78ECA153996D87DFA382
SHA1: 1519B5A47AA5D235D3B4FD9EF55714D53586E3B5

Identifiers

  • None

org-openide-util-enumerations_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util-enumerations_pt_BR.jar
MD5: 0B6766CE22B06E3A4E891BEFCFEC6E28
SHA1: 78316E24E889233351A6BE39D4BB72307A089F86

Identifiers

  • None

MIDletSuite.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/MIDletSuite.jar
MD5: 710F8D189C9AD212DE0C7B02F5E35463
SHA1: 2D3E4722F4043D160D095F6C40D75AE680E3E9B6

Identifiers

  • None

mysql-connector-java-3.1.12-bin.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/mysql-connector-java-3.1.12-bin.jar
MD5: 6B622396BEA260EB213B235863356140
SHA1: 89B75811D7453371D01B5B023DFE1573C3449EEA

Identifiers

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

Vulnerable Software & Versions:

CVE-2008-4098  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Vulnerable Software & Versions:

CVE-2008-0226  

Severity: High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Software & Versions:

org-openide-filesystems_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-filesystems_pt_BR.jar
MD5: C2BDF1FED38365405F6FDF6721F98ECD
SHA1: 5319FFD14C1BDD85BA7EE97CF8D5530FA7A0BDB1

Identifiers

  • None

asm-tree-3.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/asm-tree-3.0.jar
MD5: F1E52EDB3419A56F42949AECD27720CD
SHA1: 6FFF655717D1E1871DECFE9F8E46A531E8DF3A31

Identifiers

  • None

jfluid-server.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jfluid-server.jar
MD5: 0BBEBCDF6AE0C92FD39063754F116860
SHA1: 556C838E9D77BF9B3FEF3FF05FF1C41145681B33

Identifiers

  • None

org-openide-io_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-io_ja.jar
MD5: 735DB6C2496E0E69638394A6B89E46C2
SHA1: 86221EBBDF7B5655338092C03B7AF501E4020103

Identifiers

  • None

org-openide-options_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-options_ja.jar
MD5: 8A33405B7A2E99084997A84BB0EED76B
SHA1: 855A76C4D68594FE012BA7E440F3EDDDA37444A9

Identifiers

  • None

postgresql-8.3-603.jdbc3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/postgresql-8.3-603.jdbc3.jar
MD5: EE5D43F0FC27A90341C58AF49C31FE51
SHA1: 33D531C3C53055DDCBEA3D88BFA093466FFEF924

Identifiers

  • cpe: cpe:/a:postgresql:postgresql:8.3.603   

CVE-2010-0733  

Severity: Low
CVSS Score: 3.5
CWE: CWE-189 Numeric Errors

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.

Vulnerable Software & Versions:

jsr173_api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jsr173_api.jar
MD5: 2F2B2A2065808B2C8C44888BA14306F5
SHA1: 8B7A70786148944EF061FCA58B5467D05DAE07BA

Identifiers

  • None

org-mozilla-rhino-patched.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-mozilla-rhino-patched.jar
MD5: B7AC2B9C56AECE9CC8D2AEC2449FD2B2
SHA1: 578C393F950AB646BA8B80D2D0ABAEC6E1E72EC9

Identifiers

  • None

org-openide-filesystems_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-filesystems_zh_CN.jar
MD5: F47B8D959053D885A4417747D068E9EB
SHA1: 87D9BB74E9CFC189725AB39CBAD2A7D167139CE2

Identifiers

  • None

jna-3.0.9.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jna-3.0.9.jar
MD5: 074E388212FDB098CF55177A7F42540E
SHA1: 9DD557B9A44D05A3810104ED1C835A42B925DC4A

Identifiers

  • None

test.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/test.jar
MD5: EEB59B2D7122FFEB211A84AF374F57A1
SHA1: DD6BFB9B749A36C8319DA96C95C98AB6007E9CD7

Identifiers

  • None

org-openide-execution_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-execution_ja.jar
MD5: 31F7747982FB3C8841569A6CFD9A3DED
SHA1: 1DAF26CE9FEBA726DAA08DCBD3A4B807999A6DF2

Identifiers

  • None

swingx-0.9.5.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/swingx-0.9.5.jar
MD5: 89A20102E5B4DFF9656907DE55876421
SHA1: 7C6ED64C55164C5AE0394E11303CA95CB24166AF

Identifiers

  • None

javassist.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/javassist.jar
MD5: F4AE7631C3B9FB4EA8B61B5C5395F177
SHA1: 4DFF02CA7696982700B8DB25433289364CC028FF

Identifiers

  • None

asm-3.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/asm-3.0.jar
MD5: E1F92F5AEAE04B8E1EBDC5D46C5225F0
SHA1: D1616C03F056291A2314510DEA75739B15B4D415

Identifiers

  • None

jsch-0.1.41.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jsch-0.1.41.jar
MD5: 03C3D6A52E322689CA80AD2EA50C1E60
SHA1: AE0FBF88FE7B221CFE864136E7A792471FB10EAF

Identifiers

  • None

org-openide-actions.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-actions.jar
MD5: EABD0AC68AFD511CE5ACCB76340669DF
SHA1: 36A30442337E4CB9285AF5157234E2891D1710FE

Identifiers

  • None

jsr181-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jsr181-api.jar
MD5: 885A3AD96D314881CFFB7191B4A27D71
SHA1: 9F10FA5E6EAF2ADF1360503CCCF807E42951F45E

Identifiers

  • None

bridge_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/bridge_ja.jar
MD5: 60D6920C51578C1811891F17271CA1DA
SHA1: 577EE874DC0AD2F11A8ED7AF628F04A151727682

Identifiers

  • None

ant-javamail.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-javamail.jar
MD5: 3BEAD8031C300289E94E2E6AAD34D583
SHA1: E06589C89BE38A31B2274A8473FF60BE60EE44E3

Identifiers

  • None

org-openide-execution_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-execution_pt_BR.jar
MD5: 13FBB401185DCAB25895B2C67A148D6A
SHA1: 2019E96BA3732BEAD1A60A783F9E82B4CCF7BF4C

Identifiers

  • None

random.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/random.jar
MD5: FE6E64B28F00CB3DD765CEA2A5616FDE
SHA1: D8D8556ACB14C00CF4949FC736AD9C6AFBD6AEDF

Identifiers

  • None

hibernate-entitymanager.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/hibernate-entitymanager.jar
MD5: DA2856B4EF145CEA3A43366C49049F86
SHA1: 504B1CF5365AEDA0F950F79B9A3EE9A5C9F18B9F

Identifiers

  • None

toplink-essentials-agent.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/toplink-essentials-agent.jar
MD5: 6F29CDBD266DA993CD749E3283000F09
SHA1: C2AA7FEFA6BA33D2A117ADEEA1E72BC2E5D4CD19

Identifiers

  • None

jzlib-1.0.7.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jzlib-1.0.7.jar
MD5: B3A3F2DBB80EF61C52B340A26F477F87
SHA1: F406B7784A0DA5C4670B038BF55A4DCD4AF30AEB

Identifiers

  • cpe: cpe:/a:jcraft:jzlib:1.0.7   

org-openide-modules_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-modules_pt_BR.jar
MD5: 3200987441C8B2A52C04B45B1DE658C3
SHA1: 2545BE4D80081D45E9FB5C9CF02E9B39E90939D8

Identifiers

  • None

policy.jar

License:

Dual License: CDDL 1.0 and GPL V2 with Classpath Exception: https://glassfish.dev.java.net/public/CDDL+GPL.html
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/policy.jar
MD5: 3959DDAD55BFC24C71A6602DA61348B7
SHA1: 51279927CBDFA55497AAA11EBCA7283934BD442C

Identifiers

  • None

ant.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant.jar
MD5: E46A018F08DA06E099FBC041C78BF040
SHA1: 5D7093B80B8893E04CBD776064F31C95BFD7A9D8

Identifiers

  • None

hibernate-annotations.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/hibernate-annotations.jar
MD5: AC93AAF6DAD9F72E1CA73EB4069B4CD0
SHA1: 2083B277C76037253189D17E68BA86D2DA478440

Identifiers

  • None

org-jdesktop-layout.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-layout.jar
MD5: C775BCD20AC80E60773D5B45D08326CE
SHA1: 84B3638107D2467052187557C2E7284E92975681

Identifiers

  • None

org-openide-dialogs_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-dialogs_ja.jar
MD5: E12378396D2B96C28988E2291F03C574
SHA1: FBF9C7DF2D54E2A6957D1E6E0F4F25E3E4304605

Identifiers

  • None

ant-commons-logging.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-commons-logging.jar
MD5: EBC2D7425725EB786686C7EF39093DCC
SHA1: 159B17740942BA98C6DAAF010E35727AE1B633B1

Identifiers

  • None

cobertura-1.9.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/cobertura-1.9.3.jar
MD5: 82357F71017914E944DA754517449CA1
SHA1: 7864BDF46B61AE956070B17B06BE6C4B7258A81F

Identifiers

  • None

org-openide-windows.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-windows.jar
MD5: 08CF18A2A2CEA2EBDFB5EA34D773C20E
SHA1: 70D4D27A071F62E1C56BA4C9D44E3FEF4963479B

Identifiers

  • None

jfluid-server_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jfluid-server_ja.jar
MD5: 717C9C8744EA956E2C2868C6D53982A8
SHA1: 9842C9581883E7EE0D5364321F28778C7F9F9152

Identifiers

  • None

LibraryJar.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/LibraryJar.jar
MD5: 50CEF79A610723550DA15D2997386792
SHA1: D8974D591FA133F56AEC67CAC4CF56FA3E748235

Identifiers

  • None

org-openide-options.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-options.jar
MD5: 99A2F7CF84380BACFC89FABA1AA89D30
SHA1: 63ACD651C4B5285FAC78E5A419C38E23C696DB8E

Identifiers

  • None

org-mozilla-rhino-patched_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-mozilla-rhino-patched_ja.jar
MD5: 22E86006E574945410DDCEAE15A16F37
SHA1: 78A6FC2DB0578B8EB610BC005A475FCBD16D1A24

Identifiers

  • None

org-jdesktop-beansbinding_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-beansbinding_zh_CN.jar
MD5: 9290ACD1BDA535A69D32719061A84CF1
SHA1: 2F23FAC4A3106CCB4C5DADE323821208A1499B32

Identifiers

  • None

org-openide-execution_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-execution_zh_CN.jar
MD5: 01AE49950E9E6290B7C93CE15BE451B4
SHA1: 23DDC4FE1434FEF01EFD09AE88BF1844E1675F05

Identifiers

  • None

axiondb.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/axiondb.jar
MD5: 0A0190AB658E3BEF503CE72841451620
SHA1: 5F5B43E88106B56F76993812FD9C3E08441402F3

Identifiers

  • None

spring-2.5.6.SEC01.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/spring-2.5.6.SEC01.jar
MD5: D8A7AFCC5FA99E8BF9E59F8DD21941FF
SHA1: 2D0D28E05BD6B6452DAAFE2B5CCB69A84EA63E5D

Identifiers

  • cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01   
  • cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01   

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2011-2730  

Severity: High
CVSS Score: 7.5
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

org-apache-xml-resolver.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-xml-resolver.jar
MD5: 3529017FC59F2662CF682B0B416AE90D
SHA1: C36E670E5DC08AC5326822814181418657C81F4C

Identifiers

  • None

org-openide-compat_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-compat_zh_CN.jar
MD5: FA04CC17936C47B8A141EA69F2EBB9C2
SHA1: 01B3B44000D38DFE2C868431FD95FE4D52103655

Identifiers

  • None

org-openide-util-enumerations.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util-enumerations.jar
MD5: BF627E5AC3BB2AC3850B573510E27D31
SHA1: 1E18580D0214BB61EF3FAA091EFD1C5A04B76E97

Identifiers

  • None

jar1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jar1.jar
MD5: 7BF151594D422A577B77B82BEFCFC8AD
SHA1: B4959A7DFF01EB364E709BBF25043E27205AA91F

Identifiers

  • None

org-openide-io_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-io_pt_BR.jar
MD5: 2E190FE25DFC2574D298E5DDD7172DFC
SHA1: E6D2A22ACA0FF85856BEFA2E531D5A4643F3CD53

Identifiers

  • None

org-openide-io_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-io_zh_CN.jar
MD5: 3BA28BEDA40B7A0233B2C823CC159E1D
SHA1: 9B3363D93F575A0E622F31508E659DB9C2255C63

Identifiers

  • None

ant-jai.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-jai.jar
MD5: 716559BE53C52D9FBC5F23A425A0048B
SHA1: 6A55907C6C2714ED48C633102AE3DC1DC4AE3E25

Identifiers

  • None

toplink-essentials.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/toplink-essentials.jar
MD5: 12112AD1599D7629819A3B4DFEE29898
SHA1: E37AD76E5B2ABA8F3F440DB0F4B9827C31AA7FD1

Identifiers

  • None

ehcache-1.2.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ehcache-1.2.3.jar
MD5: 88CF5711BBCE566561DF9FBC3D4599CC
SHA1: 27639F394FB965730C334648B0703FEE61C82C7A

Identifiers

  • None

org-openide-util-lookup.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util-lookup.jar
MD5: CD16786A6631467A359123CB7578A802
SHA1: 16B6C879D86A0F2EB50F2C37D25165620DB92475

Identifiers

CVE-2007-0237  

Severity: Medium
CVSS Score: 4.6

The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Software & Versions:

org-jdesktop-beansbinding.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-beansbinding.jar
MD5: 1F3A959737090C75F57F1917837CC041
SHA1: 8B621B39B61046868833C03DDE5F6C92549A7EF0

Identifiers

  • None

saaj-impl.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/saaj-impl.jar
MD5: 266AEE22AE8A16A7A8DC31043FFB4334
SHA1: 59DEE95C865420C3AC1D21C89F4EB4C4DF62A745

Identifiers

  • None

org.eclipse.mylyn.commons.net_3.3.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org.eclipse.mylyn.commons.net_3.3.0.jar
MD5: 55038389E8AFB198C0E19039B6F8443E
SHA1: 02C39E6C02E2386D4936245F90AC4BFA5A7BCD49

Identifiers

  • cpe: cpe:/a:apache:commons-httpclient:3.3.0   

ejb3-persistence.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ejb3-persistence.jar
MD5: 6E7F52E9E7D41CA77F8F0FA0FC89EF0B
SHA1: EB4547E30BE1B87534F48076DFAE32DDC9A6F513

Identifiers

  • None

core.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/core.jar
MD5: 227E4C92A120376D3C1A2B23B7404E8D
SHA1: 4EE1D085C152684E98AA1478AD3F3238B6FE0ABD

Identifiers

  • None

jbb.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jbb.jar
MD5: 93DDED23D8AD7B60D0525B9CC47205BC
SHA1: BE7D21E83998281F116320A1BD42411D669A1E4B

Identifiers

  • cpe: cpe:/a:jbb:jbb:-   

org-openide-filesystems.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-filesystems.jar
MD5: 5C9C421EEBF8A1395936802B5ECE62C0
SHA1: 62FE56497D2660C96DB4DF2F4062DA7902DD162F

Identifiers

  • None

commons-net-1.4.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-net-1.4.1.jar
MD5: 365C9A26E81B212DE0553FBED10452CC
SHA1: ABB932ADB2C10790C1EAA4365D3AC2A1AC7CB700

Identifiers

  • None

testdata.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/testdata.jar
MD5: 9F7AC0AAA0B28AB4946374B591839FD0
SHA1: B87412CB746B0E5A9646AA76133B1778284EA2F0

Identifiers

  • None

smackx.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/smackx.jar
MD5: 4DDA34B9410E6ADBEBA0EEB0A72A7607
SHA1: BA1365C7E5F3CF7F7641B354677B3F54A6EA5A15

Identifiers

  • None

lucene-core-2.4.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/lucene-core-2.4.1.jar
MD5: 50373BCA7C7436D4B9741A3A8E972A3A
SHA1: D97F0F8E854040A62A0C9B1B6C2CC10DE330D696

Identifiers

  • None

jta.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jta.jar
MD5: C6E3E528816227B97F6B21F709641F8F
SHA1: 3DD157A4F4FE115AC5D165D6C21463D0CE9E3C7B

Identifiers

  • None

javac-api-nb-7.0-b07.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/javac-api-nb-7.0-b07.jar
MD5: B139E64E4CCB9D092EEA7D67AAF6CCD4
SHA1: 722231FB54FAD8CD92B55B44B9769466E31C638B

Identifiers

  • None

flute-1.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/flute-1.3.jar
MD5: 2F2E13CD3523C545DD1C4617B373692C
SHA1: B7D59DC172005598B55699B1A75605B13C14F1FD

Identifiers

  • None

jar0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jar0.jar
MD5: 7BF151594D422A577B77B82BEFCFC8AD
SHA1: B4959A7DFF01EB364E709BBF25043E27205AA91F

Identifiers

  • None

jsp-api-2.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jsp-api-2.0.jar
MD5: 76DA369ED350701072A86AF42F3750A7
SHA1: 177D23AE7A32FBA84D2798258EEA71825F3A92B0

Identifiers

  • None

servlet-api-2.5-6.0.2.jar

License:

Apache License Version 1.1: http://www.apache.org/licenses/LICENSE-1.1
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/servlet-api-2.5-6.0.2.jar
MD5: 1CE6A46CE2BD7EF0A2A3EA1E5F017B5C
SHA1: 93F0DA797D921C60E684A19B502C499193D78F18

Identifiers

  • cpe: cpe:/a:jetty:jetty:6.0.2   
  • cpe: cpe:/a:mortbay:jetty:6.0.2   
  • cpe: cpe:/a:mortbay_jetty:jetty:6.0.2   

CVE-2011-4461  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-310 Cryptographic Issues

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2009-4611  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

Vulnerable Software & Versions:

CVE-2009-4610  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.

Vulnerable Software & Versions:

CVE-2009-4609  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.

Vulnerable Software & Versions:

CVE-2009-1524  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Vulnerable Software & Versions:

CVE-2009-1523  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Vulnerable Software & Versions:

CVE-2007-5615  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Software & Versions:

bridge_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/bridge_pt_BR.jar
MD5: 2DFD2F7F65B472D7E6F6B40C65B5CD35
SHA1: D308287A55A3A385ECCE45DE7DCBFE88827E4016

Identifiers

  • None

org-openide-util-lookup_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util-lookup_ja.jar
MD5: A252BE6752BD6B96342EB07DC4CD9676
SHA1: 26C941DB9A1FC6A3610AA1D1481261737B7CC85C

Identifiers

  • cpe: cpe:/a:lookup:lookup:-   

CVE-2007-0237  

Severity: Medium
CVSS Score: 4.6

The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Software & Versions:

JavaApplication1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/JavaApplication1.jar
MD5: 8298C6DD0E468A9764C0385205A2FF2A
SHA1: 8453CB7683A86819157E0CBC945055C7DE969BD5

Identifiers

  • None

org-apache-tools-ant-module_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-tools-ant-module_pt_BR.jar
MD5: CDD40B45501CA9FECB37612F026375DA
SHA1: 3DE687D17D86A187C6E865C66BAFE15D4F38C2AC

Identifiers

  • None

maven-dependency-tree-1.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/maven-dependency-tree-1.2.jar
MD5: 77DD5467F4C50EBAC8473392F626D5A0
SHA1: 653A6AD1EF786BC577FC20F56E5F2B1D30423805

Identifiers

  • None

MathLib.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/MathLib.jar
MD5: E49AC00BD1DAAA073CBC96B8FF82F164
SHA1: 620899012A6131DBC29261A3EC81828F7915E7D9

Identifiers

  • None

org-openide-windows_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-windows_ja.jar
MD5: 55930FC8E9DEC51AC6766551D85FFB0B
SHA1: 939AB87417D833460EEE47789121B7B3F8359E6A

Identifiers

  • None

maven-embedder-2.1-20080623-patched.jar

Description:  Wagon that gets and puts artifacts using SSH protocol with a preinstalled SSH client

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/maven-embedder-2.1-20080623-patched.jar
MD5: D622A36AF821E8D3FFD8814CDF088967
SHA1: C712E758892FDAF1DB1BD11AAAFB7F4BB1B69EF9

Identifiers

  • None

ant-apache-log4j.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-log4j.jar
MD5: 8F93B4E3D9B418C6EA4FE2BC50393FB1
SHA1: 87007D2D2120DFD6E03EC8048327CD99DF22BEAC

Identifiers

  • None

jdom-1.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jdom-1.0.jar
MD5: 0B8F97DE82FC9529B1028A77125CE4F8
SHA1: A2AC1CD690AB4C80DEFE7F9BCE14D35934C35CEC

Identifiers

  • None

lib1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/lib1.jar
MD5: E2F67289F22CC42C8FE0F394275A97B1
SHA1: B25A575CE368C1EC7B46D0C50C219FFF85D6157A

Identifiers

  • None

jaxws-rt.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxws-rt.jar
MD5: 5F96A0BCF65C736B63677005F80729CC
SHA1: B8415B485DD3BA43A2ED361003AE4360FD48F513

Identifiers

  • None

org-openide-explorer_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-explorer_ja.jar
MD5: 85248EE1BE5FDF6D04FA77F772A366C2
SHA1: 3E17F2A2EC3387DA749C324DBB11D2A63FCD1BAD

Identifiers

  • None

org-openide-compat_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-compat_pt_BR.jar
MD5: 94F40BA175ABCD4C59CE6C971FED84C2
SHA1: 57491146DB20A64255592DCD7CEC437D74D877E5

Identifiers

  • None

org-openide-explorer_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-explorer_pt_BR.jar
MD5: 173CA2591AB30DD9BD5D6723C8057E9A
SHA1: 369B6E61F114C647E2CA278EA8077BF4D31AD52D

Identifiers

  • None

streambuffer.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/streambuffer.jar
MD5: 15E53ABBB0C8B0E83FDBA7C73F8492C2
SHA1: 2F28939FCC20260A491473FCB99B4DF056F78663

Identifiers

  • None

swing-worker-1.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/swing-worker-1.1.jar
MD5: 339FF47E13F3C08017BB85DEA2AB9255
SHA1: DC9F8D6F7236087924AAD28FBEC794A087DD1B3D

Identifiers

  • None

org-openide-actions_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-actions_pt_BR.jar
MD5: F98C47E4596B16F43C33FBB68F4F95F9
SHA1: 034540D9C19EB78CB83A36D572A68A4C2248C01D

Identifiers

  • None

jaxb1-impl.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxb1-impl.jar
MD5: 2678C6FD7267F61EF0B8909BBCE0A7C8
SHA1: F02664A059617D060BEC3EBA0BC002B2102AEB84

Identifiers

  • None

org-openide-io.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-io.jar
MD5: A54FC1EE387F154FDD1513E864B9898E
SHA1: B58B0EA363272D1199162E28B14EFC96188B69D0

Identifiers

  • None

freemarker-2.3.8.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/freemarker-2.3.8.jar
MD5: 2517AE709F517B32A3F6016FCD8C4E89
SHA1: 4C7CF4ED0436A450EA759C2DFD7485A6929CC401

Identifiers

  • None

org.eclipse.mylyn.tasks.core_3.3.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org.eclipse.mylyn.tasks.core_3.3.1.jar
MD5: D5A58B8CBA0C4C7FF62E5364B3E9A80D
SHA1: DF522A06BF4EFD99A12C545C294D940CF6A2E01D

Identifiers

  • None

org-openide-modules_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-modules_ja.jar
MD5: 25814F33026420F8C987E80FAE973358
SHA1: 9556695AE2547ED8E111BBCE38469230D232C5A7

Identifiers

  • None

commons-io-1.4.jar

Description:  Commons-IO contains utility classes, stream implementations, file filters, file comparators and endian classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-io-1.4.jar
MD5: B6A50C8A15ECE8753E37CBE5700BF84F
SHA1: A8762D07E76CFDE2395257A5DA47BA7C1DBD3DCE

Identifiers

  • None

org-openide-modules_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-modules_zh_CN.jar
MD5: FAA43D93B54358F282E4B51EE3567834
SHA1: 3496F445C73370A7463C2A8BE5E7141EC462BC1A

Identifiers

  • None

mysql-connector-java-5.1.6-bin.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/mysql-connector-java-5.1.6-bin.jar
MD5: 40BE305EE91FB6A7A385EEB260C7C08A
SHA1: 380EF5226DE2C85FF3B38CBFEFEEA881C5FCE09D

Identifiers

CVE-2014-0437  

Severity: Low
CVSS Score: 3.5

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2014-0412  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2014-0402  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

Vulnerable Software & Versions:

CVE-2014-0401  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2014-0393  

Severity: Low
CVSS Score: 3.3

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2014-0386  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2013-5908  

Severity: Low
CVSS Score: 2.6

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

Vulnerable Software & Versions:

CVE-2013-3808  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Vulnerable Software & Versions:

CVE-2013-3804  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2013-3802  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

Vulnerable Software & Versions:

CVE-2013-2392  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2013-2391  

Severity: Low
CVSS Score: 3.0

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

Vulnerable Software & Versions:

CVE-2013-2389  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2013-2378  

Severity: Medium
CVSS Score: 6.0

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions:

CVE-2013-1555  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

Vulnerable Software & Versions:

CVE-2013-1552  

Severity: Medium
CVSS Score: 6.0

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2013-1548  

Severity: Low
CVSS Score: 3.5

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

Vulnerable Software & Versions:

CVE-2013-1521  

Severity: Medium
CVSS Score: 6.5

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions:

CVE-2013-1506  

Severity: Low
CVSS Score: 2.8

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

Vulnerable Software & Versions:

CVE-2013-1492  

Severity: High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

Vulnerable Software & Versions:

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Vulnerable Software & Versions:

CVE-2012-3197  

Severity: Low
CVSS Score: 3.5

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

Vulnerable Software & Versions:

CVE-2012-3180  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-3177  

Severity: Medium
CVSS Score: 6.8

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.

Vulnerable Software & Versions:

CVE-2012-3173  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

Vulnerable Software & Versions:

CVE-2012-3167  

Severity: Low
CVSS Score: 3.5

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

Vulnerable Software & Versions:

CVE-2012-3166  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2012-3163  

Severity: High
CVSS Score: 9.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Vulnerable Software & Versions:

CVE-2012-3160  

Severity: Low
CVSS Score: 2.1

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Vulnerable Software & Versions:

CVE-2012-3158  

Severity: High
CVSS Score: 7.5

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

Vulnerable Software & Versions:

CVE-2012-3150  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-2749  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

Vulnerable Software & Versions:

CVE-2012-2102  

Severity: Low
CVSS Score: 3.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

Vulnerable Software & Versions:

CVE-2012-1734  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1703  

Severity: Medium
CVSS Score: 6.8

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1702  

Severity: Medium
CVSS Score: 5.0

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-1697  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

Vulnerable Software & Versions:

CVE-2012-1696  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1690  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1689  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1688  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

Vulnerable Software & Versions:

CVE-2012-0882  

Severity: High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Software & Versions:

CVE-2012-0583  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

Vulnerable Software & Versions:

CVE-2012-0574  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0553  

Severity: High
CVSS Score: 7.5
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

Vulnerable Software & Versions:

CVE-2012-0540  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions:

CVE-2012-0492  

Severity: Low
CVSS Score: 2.1

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

Vulnerable Software & Versions:

CVE-2012-0490  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0485  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0484  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0120  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0119  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0118  

Severity: Medium
CVSS Score: 4.9

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

Vulnerable Software & Versions:

CVE-2012-0116  

Severity: Medium
CVSS Score: 4.9

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0115  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0114  

Severity: Low
CVSS Score: 3.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0113  

Severity: Medium
CVSS Score: 5.5

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

Vulnerable Software & Versions:

CVE-2012-0112  

Severity: Low
CVSS Score: 3.5

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0102  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

Vulnerable Software & Versions:

CVE-2012-0101  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

Vulnerable Software & Versions:

CVE-2012-0087  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

Vulnerable Software & Versions:

CVE-2012-0075  

Severity: Low
CVSS Score: 1.7

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2011-2262  

Severity: Medium
CVSS Score: 5.0

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2010-3840  

Severity: Medium
CVSS Score: 4.0

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Vulnerable Software & Versions:

CVE-2010-3839  

Severity: Medium
CVSS Score: 4.0

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

Vulnerable Software & Versions:

CVE-2010-3838  

Severity: Medium
CVSS Score: 4.0

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Vulnerable Software & Versions:

CVE-2010-3837  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

Vulnerable Software & Versions:

CVE-2010-3836  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

Vulnerable Software & Versions:

CVE-2010-3835  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Vulnerable Software & Versions:

CVE-2010-3834  

Severity: Medium
CVSS Score: 4.0

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

Vulnerable Software & Versions:

CVE-2010-3833  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Vulnerable Software & Versions:

CVE-2010-3683  

Severity: Medium
CVSS Score: 4.0

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

Vulnerable Software & Versions:

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions:

CVE-2010-3681  

Severity: Medium
CVSS Score: 4.0

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2010-3680  

Severity: Medium
CVSS Score: 4.0

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2010-3679  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

Vulnerable Software & Versions:

CVE-2010-3678  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Vulnerable Software & Versions:

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions:

CVE-2010-3676  

Severity: Medium
CVSS Score: 4.0

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Vulnerable Software & Versions:

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions:

CVE-2010-1850  

Severity: Medium
CVSS Score: 6.0
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Vulnerable Software & Versions:

CVE-2010-1849  

Severity: Medium
CVSS Score: 5.0

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Vulnerable Software & Versions:

CVE-2010-1848  

Severity: Medium
CVSS Score: 6.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Vulnerable Software & Versions:

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions:

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2009-4030  

Severity: Medium
CVSS Score: 4.4
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

Vulnerable Software & Versions:

CVE-2009-4028  

Severity: Medium
CVSS Score: 6.8
CWE: CWE-20 Improper Input Validation

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Vulnerable Software & Versions:

CVE-2009-4019  

Severity: Medium
CVSS Score: 4.0

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Vulnerable Software & Versions:

CVE-2009-0819  

Severity: Medium
CVSS Score: 4.0

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2008-7247  

Severity: Medium
CVSS Score: 6.0
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Vulnerable Software & Versions:

CVE-2008-3963  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-134 Uncontrolled Format String

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Vulnerable Software & Versions:

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions:

CVE-2007-5925  

Severity: Medium
CVSS Score: 4.0
CWE: CWE-20 Improper Input Validation

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Vulnerable Software & Versions:

CVE-2007-2693  

Severity: Low
CVSS Score: 3.5

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.

Vulnerable Software & Versions:

CVE-2007-2692  

Severity: Medium
CVSS Score: 6.0

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Vulnerable Software & Versions:

CVE-2007-2691  

Severity: Medium
CVSS Score: 4.9

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Vulnerable Software & Versions:

CVE-2006-7232  

Severity: Low
CVSS Score: 3.5
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

Vulnerable Software & Versions:

CVE-2006-4227  

Severity: Medium
CVSS Score: 6.5
CWE: CWE-20 Improper Input Validation

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

Vulnerable Software & Versions:

CVE-2006-4226  

Severity: Low
CVSS Score: 3.6

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Vulnerable Software & Versions:

CVE-2006-3486  

Severity: Low
CVSS Score: 2.1
CWE: CWE-189 Numeric Errors

** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.

Vulnerable Software & Versions:

Annotations.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/Annotations.jar
MD5: 880D86792CA29824F7B2268DACD21B05
SHA1: 653819A7BAC3E31E8824FCD8C48D44AD310C581A

Identifiers

  • None

org-openide-util_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util_ja.jar
MD5: F366357C9A5646880F902FFDB878B81D
SHA1: FB96D8F58C6778FB2E828EB9B3D4EF9956844C7E

Identifiers

  • None

org-openide-options_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-options_zh_CN.jar
MD5: 979E4DF0327A047981F47A1005DB2B7F
SHA1: DD161237939668805AE1934891B4E7945F5FA738

Identifiers

  • None

MobileApplication.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/MobileApplication.jar
MD5: D44A85D6959E16A5992DEC0B613DDB58
SHA1: 9D8E577AEA01937912E4F8425F632B5E200F1FA5

Identifiers

  • None

ini4j-0.4.1.jar

Description: Java API for handling configuration files in Windows .ini format. The library includes its own Map based API, Java Preferences API and Java Beans API for handling .ini files. Additionally, the library includes a feature rich (variable/macro substitution, multiply property values, etc) java.util.Properties replacement.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ini4j-0.4.1.jar
MD5: 6759523141B0277FC8898CE1F2E50C85
SHA1: 50986B7D247AF02C3DC25CB26B5FC7D5CF1340E6

Identifiers

  • None

bridge.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/bridge.jar
MD5: 0F377846B9990C5FD38D8FE4548C0022
SHA1: 295E82EAB7238F6F9276C10A4CCE6B67395C3754

Identifiers

  • None

asm-attrs.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/asm-attrs.jar
MD5: 9791E464C742D33BAB27DF60DDECAB86
SHA1: CC164D056A7118B7A70705F6429CBC6BB44FD8DC

Identifiers

  • None

jaxb-impl.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jaxb-impl.jar
MD5: 27F59D6B118B3803D6F867B43E5F5657
SHA1: 2EC69BD69B66B0DABEA392DE713A11F975001760

Identifiers

  • None

ant-testutil.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-testutil.jar
MD5: 89E8DACDFD6BC59159C1D3B1D4774F8C
SHA1: ABA8773BB63161DAF419E48A98B5C6AB375B699C

Identifiers

  • None

org-jdesktop-layout_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-layout_zh_CN.jar
MD5: 5ED07A7C395E85B5246DBCFB1335EA2B
SHA1: 767D8A3A8F5A25ADC8C5F21D1472AE35AB49E3DD

Identifiers

  • None

org-openide-filesystems_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-filesystems_ja.jar
MD5: 24E76CD5AAFE12234E140BA2D93761EF
SHA1: AAACBE9F6274232EF5E0241A87D015FF0404B843

Identifiers

  • None

ant-jdepend.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-jdepend.jar
MD5: 157722C155C22B03512ECC5181020D9F
SHA1: 1FB662E54263273E9A6509AAD9CE73535CDAD35A

Identifiers

  • None

osgi.core-4.2.jar

Description: OSGi Service Platform Release 4 Version 4.2, Core Interfaces and Classes for use in compiling bundles.

License:

http://opensource.org/licenses/apache2.0.php; link="http://www.apache.org/licenses/LICENSE-2.0"; description="Apache License, Version 2.0"
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/osgi.core-4.2.jar
MD5: BE1FD0241BD11361A50330D79AB7DB5B
SHA1: 986195A7E31034EE73F7A896A36B24169692F142

Identifiers

  • None

activation.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/activation.jar
MD5: E06E9DAB5528EDB30D1B841B76191EC9
SHA1: D107B729E3CCD30E84A5E0229F900BF95DB10FC1

Identifiers

  • None

libpam4j-1.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/libpam4j-1.1.jar
MD5: 5445DE6D7498935F9B1423D5361253A2
SHA1: 2E07375E5CA3A452472F0E87FB33F243F7A5C08C

Identifiers

  • cpe: cpe:/a:pam:pam:1.1   

org-apache-xml-resolver_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-xml-resolver_zh_CN.jar
MD5: E5EF094359A82A0B40BED5EB507B1028
SHA1: B9F3C6DB2D2056C5AE63D59BEB5D033311B06384

Identifiers

  • None

hibernate-commons-annotations.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/hibernate-commons-annotations.jar
MD5: 1CCEFBE43FEDFFC16835CEB1A777D199
SHA1: C8F53732FE3B75935F0550BDC3BA92BC9345360F

Identifiers

  • None

jsearch-2.0_05.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jsearch-2.0_05.jar
MD5: 9F0E3468FB08F32FC7FEC8A061C29517
SHA1: D4EF66C1CC8A5B3C97E0CC7C210227AAEC1F1086

Identifiers

  • None

org-openide-compat_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-compat_ja.jar
MD5: 470F2775B1D9D1826B9D18E3865B8E61
SHA1: 67151E5DBFC5A161923FA83BD7AB5FE94C871B05

Identifiers

  • None

jdbc2_0-stdext.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jdbc2_0-stdext.jar
MD5: F5B32E6765AA4EAA33A849414820D17F
SHA1: A5B63C831E288651661258F7E99F214398871C0B

Identifiers

  • None

nexus-indexer-2.0.0-shaded.jar

License:

Eclipse Public License: http://www.eclipse.org/org/documents/epl-v10.html
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/nexus-indexer-2.0.0-shaded.jar
MD5: B22FC4D4FD1677B602F770EC1912874F
SHA1: AC462A467C927808D586D0164BC8A4006B825851

Identifiers

lib2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/lib2.jar
MD5: B0DB8DE6F3CA013160C8643A7031BA7A
SHA1: 986781E6550C285579AE95C0D014E9FF28DC348F

Identifiers

  • None

org-openidex-util_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openidex-util_pt_BR.jar
MD5: 2DD89009F0369519E7A578F67D6FCA2C
SHA1: 11E62BA79D71423C4DCBF20E7FCD9F0353AB85FC

Identifiers

  • None

ant-apache-oro.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-oro.jar
MD5: 8B97410582216AF0B3196F1D1B701FA9
SHA1: B0CFA25330B208457894AA99564A189EC85AE00E

Identifiers

  • None

org-openide-text_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-text_pt_BR.jar
MD5: 8DE2F6865CAD888EE7608BA867944600
SHA1: 4022904BB49EC11619A51EEB17B71D1F5AEA76BF

Identifiers

  • None

javac-impl-nb-7.0-b07.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/javac-impl-nb-7.0-b07.jar
MD5: 33B1502002A9E83C9C33B5904BD2B5FE
SHA1: E50F76E4F9272D307A6699C06C73FE98CADE0C7A

Identifiers

  • None

jh-2.0_05.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jh-2.0_05.jar
MD5: BF0FACD7FC6973C1D8D0AC855C16DF06
SHA1: CAEA9DC54533851149EC39FC1F4D45A02F2443CD

Identifiers

  • None

org-openide-explorer.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-explorer.jar
MD5: B9A15F070078A5B015E2F68EC0AE30E5
SHA1: 2788E09BCE85B2F93F8D40534BD2717ADBDC73C8

Identifiers

  • None

org-openide-util-enumerations_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util-enumerations_zh_CN.jar
MD5: 72B4A2D324F0BB82951B0C44AEB61B38
SHA1: E85D02A6928E44ADCD407D970CCA8270A2EA9BEC

Identifiers

  • None

jetty-6.0.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jetty-6.0.2.jar
MD5: D565D958B7534DFA3C5E78A8FD89232D
SHA1: 15D7DCE0CE01865DAE333A8412D1423756726DE8

Identifiers

  • cpe: cpe:/a:jetty:jetty:6.0.2   
  • cpe: cpe:/a:mortbay:jetty:6.0.2   
  • cpe: cpe:/a:mortbay_jetty:jetty:6.0.2   

CVE-2011-4461  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-310 Cryptographic Issues

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2009-4611  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

Vulnerable Software & Versions:

CVE-2009-4610  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.

Vulnerable Software & Versions:

CVE-2009-4609  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-200 Information Exposure

The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.

Vulnerable Software & Versions:

CVE-2009-1524  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Vulnerable Software & Versions:

CVE-2009-1523  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Vulnerable Software & Versions:

CVE-2007-5615  

Severity: Medium
CVSS Score: 5.0
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Software & Versions:

stuff.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/stuff.jar
MD5: 76CDB2BAD9582D23C1F6F4D868218D6C
SHA1: B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33

Identifiers

  • None

bindex-2.2.jar

Description: Provides a command line utility to index a set of bundles. This code can be run from the command line.

License:

http://www.apache.org/licenses/LICENSE-2.0;description="This material is licensed under the Apache Software License, Version 2.0"; link="http://www.apache.org/licenses/LICENSE-2.0"
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/bindex-2.2.jar
MD5: 047C92F092A756C5623D67DAE9A320EC
SHA1: A806D99716C5E9441BFD8B401176FDDEFC673022

Identifiers

  • None

ant-bootstrap.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-bootstrap.jar
MD5: 79C559D85CCC3F0AB6AC63C124EB05A6
SHA1: 903499147B72EF1C33FD11B1CDDA577550A27846

Identifiers

  • None

org-openide-loaders.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-loaders.jar
MD5: 04BF3172B43F06A23A740751CE67B0F4
SHA1: 873A7E9D413622EE1634D98F3BA65A1D2D5C792C

Identifiers

  • None

dom4j-1.6.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/dom4j-1.6.1.jar
MD5: 4D8F51D3FE3900EFC6E395BE48030D6D
SHA1: 5D3CCC056B6F056DBF0DDDFDF43894B9065A8F94

Identifiers

  • None

72080.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/72080.jar
MD5: 5749B1138AE67BF09F07E35E59DC2ECD
SHA1: 39758F3E43AAA9C0D1A95EACAE44DEFF678F462A

Identifiers

  • None

org-openide-dialogs_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-dialogs_zh_CN.jar
MD5: BE40A2A10089F819AC8ED65A35EA87DA
SHA1: 51C69CE5BD88F8F45EA5FA1BA5BCB1828A0EFCFE

Identifiers

  • None

commons-httpclient-3.1.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-httpclient-3.1.jar
MD5: 8AD8C9229EF2D59AB9F59F7050E846A5
SHA1: 964CD74171F427720480EFDEC40A7C7F6E58426A

Identifiers

  • cpe: cpe:/a:apache:commons-httpclient:3.1   
  • cpe: cpe:/a:apache:httpclient:3.1   

org-openide-awt_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-awt_ja.jar
MD5: 064EC8E0A1D0B377EE30ADE09D09672B
SHA1: 3592E168885086DD51128B4B84429BD8701343FD

Identifiers

  • None

eclipselink-2.0.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/eclipselink-2.0.2.jar
MD5: 205A5EC49A3F292E7F5E11DA45D6E8C3
SHA1: 3728A6642554014E29D1B6DAF2FF1637FC925FD6

Identifiers

  • None

bridge_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/bridge_zh_CN.jar
MD5: B78A2466B08A0822B6A3A34EF4EC6678
SHA1: 7B810A6B7278871FD7674BD554081521A5B95938

Identifiers

  • None

cglib-2.1.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/cglib-2.1.3.jar
MD5: CE1DCE4A5F6865FB88D4C7C2728B78ED
SHA1: D3851E366B9FE8B7D8215DE0F9EB980B359D8DE0

Identifiers

  • None

webserver.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/webserver.jar
MD5: 9ACD5FD6C3E1317DBE2004A07216FFA1
SHA1: CD5B5996B46CB8D96C8F0F89A7A734B3C01F3DF7

Identifiers

  • cpe: cpe:/a:apache:tomcat:-   

CVE-2013-2185  

Severity: High
CVSS Score: 7.5
CWE: CWE-20 Improper Input Validation

** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.

Vulnerable Software & Versions:

CVE-2009-2696  

Severity: Medium
CVSS Score: 4.3
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

Vulnerable Software & Versions:

CVE-2007-5461  

Severity: Low
CVSS Score: 3.5
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Software & Versions:

CVE-2002-0493  

Severity: High
CVSS Score: 7.5

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Vulnerable Software & Versions:

servlet-api-2.4.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/servlet-api-2.4.jar
MD5: 041419ED42B9191D2729073232AAD7EA
SHA1: C51FABD6A72D53CEA6B4548C6E3284B42A8658C8

Identifiers

  • None

ant-swing.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-swing.jar
MD5: 998B8EDA5A8784A31109D054CFBDB7C9
SHA1: 8DCDA8CD65A8FDE74AA884FF30D47688EF669D88

Identifiers

  • None

org-openide-util_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util_pt_BR.jar
MD5: D1F8B041B74E1E572964EFDC443C620C
SHA1: F2E79114402E87496A24147722C9755AFF84C3F2

Identifiers

  • None

xerces-2.8.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/xerces-2.8.0.jar
MD5: 00B9A88A935985D17B7621C74A498BB4
SHA1: 6E60617C9D81EA1EF96913C226900BC2D1E69C37

Identifiers

  • None

org-openide-text_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-text_zh_CN.jar
MD5: 113E485811978635044FF52E5BD73749
SHA1: 8DDC463AF1A4E5226C160ED2BCECE1AFAF86C355

Identifiers

  • None

ExtensionLibrary8.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ExtensionLibrary8.jar
MD5: 79FC990A64917F3667DD216BC3E45E7C
SHA1: 9B6BBCE65F616DD469879DB18CF0899D6DB34BB4

Identifiers

  • None

jfluid-server-15.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jfluid-server-15.jar
MD5: 4991EACF4396BE79ACE8B61B5CC04F9D
SHA1: D91945A1A2941B1CB8B2DF72E61940B5459C27CF

Identifiers

  • None

commons-lang-2.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-lang-2.3.jar
MD5: DCDCBB47176603907C9F79A1349193EB
SHA1: 0EECDAC8C86BC84B4BDFC24371BA8C785A1FC552

Identifiers

  • None

swing-layout-1.0.4.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/swing-layout-1.0.4.jar
MD5: 85AC7CBDA9A82B37F3CC0B1A79625F4E
SHA1: 69D72835E165439CF7816EFDA65868FD4E0C6E2A

Identifiers

  • None

org-openide-util.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util.jar
MD5: A28E40DDE366D9FCEC24D71EC13F8BE0
SHA1: DF4053D42CD64A4070DDCA7AEAE4E4E3645B1BC2

Identifiers

  • None

jfluid-server_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jfluid-server_zh_CN.jar
MD5: 885623ABE6CB125F18C90C116EC63E45
SHA1: 46BD0E2312FE9B5EA99214F3194AFF43CAB2822B

Identifiers

  • None

executable-jar.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/executable-jar.jar
MD5: 290FBEAEE71546BA71DE62DF4CADE0B6
SHA1: 4438C782D1B8F23F7943E5561D88BD22CFB44AAD

Identifiers

  • None

felix-2.0.3.jar

Description: OSGi R4 framework implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/felix-2.0.3.jar
MD5: 89E6C8D43B97F8E456E3DFAB94689DE5
SHA1: 08676C719D33D26DF4F3988E210A04D7F11183B7

Identifiers

  • None

org-openidex-util_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openidex-util_zh_CN.jar
MD5: 59F2E64A8F6740EED1E3C4906496475B
SHA1: 54ADA9BFF8F8A69A4C78FF248F51D27372CB8879

Identifiers

  • None

org-openide-windows_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-windows_pt_BR.jar
MD5: D1A1234055C6C252832DCE2AF7E742C0
SHA1: 66A3AB31A7E4B9042A79A92127B034996176F9CE

Identifiers

  • None

apache-commons-codec-1.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/apache-commons-codec-1.3.jar
MD5: 8E149C1053741C03736A52DF83974DCC
SHA1: FD32786786E2ADB664D5ECC965DA47629DCA14BA

Identifiers

  • None

spring-web-3.0.2.RELEASE.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/spring-web-3.0.2.RELEASE.jar
MD5: AF5E1EC64D7F1823BD8CA0E930A21B3F
SHA1: 284C2157FA8D6376DE1DA73BB3FC64DDDFA702F0

Identifiers

  • None

RandomJar.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/RandomJar.jar
MD5: A637EA0C427FC1A8F2B6F2033C9892DD
SHA1: 35D006D921143DFA2B319BE28E06848E91C51BC6

Identifiers

  • None

org-apache-tools-ant-module_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-apache-tools-ant-module_zh_CN.jar
MD5: 5DD8F10AC613B3B5E41932B682B46A96
SHA1: 4AA64F167140BDD6493EC22AC67F6025AAC26B73

Identifiers

  • None

svnClientAdapter-1.6.0.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/svnClientAdapter-1.6.0.jar
MD5: C12CB6B23E07463ACD34FF8DFACE2E84
SHA1: 2C27546408D85D15443D18A989E7A4CF4D67974F

Identifiers

CVE-2009-2411  

Severity: High
CVSS Score: 8.5
CWE: CWE-189 Numeric Errors

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Vulnerable Software & Versions:

org-mozilla-rhino-patched_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-mozilla-rhino-patched_pt_BR.jar
MD5: 5B5751B5B10AF601E0B5AD83612CD569
SHA1: 7D487BD980F4A3FA91A82A627684858824736ED0

Identifiers

  • None

oneclass.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/oneclass.jar
MD5: 5F6788997D77034BE3F8CC7F8869D5E2
SHA1: 801865D259368C8A8A4569ED4137C1EFFB29C06E

Identifiers

  • None

ant-netrexx.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-netrexx.jar
MD5: 8840201F3658FAFA3054343E12AD0A63
SHA1: 2E1B759850F42436913869602130ADF7B734E5E9

Identifiers

  • None

org-openide-options_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-options_pt_BR.jar
MD5: 04BF937FD6911CB523A080401282C8D3
SHA1: 6362BC3252480666B12B01856ECA40729E970006

Identifiers

  • None

jfluid-server_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jfluid-server_pt_BR.jar
MD5: 259E57C14B6D966192EA06D690A7795B
SHA1: 718C5E8AA1EB784C61744E8F5219C4B0DF00CC7A

Identifiers

  • None

org-openide-nodes_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-nodes_ja.jar
MD5: 53922474E49506CA2989E5A9B0B5AF8D
SHA1: CC5FF81D4709CE3FA80D75883996F65732721C2E

Identifiers

  • None

TestJar.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/TestJar.jar
MD5: 50CEF79A610723550DA15D2997386792
SHA1: D8974D591FA133F56AEC67CAC4CF56FA3E748235

Identifiers

  • None

appframework-1.0.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/appframework-1.0.3.jar
MD5: 8F83672218717D9246383E9A14F12D16
SHA1: 338045FEFF6E61DF237AAFD11B6F3FE1A3B4E60E

Identifiers

  • None

junit-3.8.2.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/junit-3.8.2.jar
MD5: 28E7EB9EEEFE31A657C68755BFCCC541
SHA1: 07E4CDE26B53A9A0E3FE5B00D1DBBC7CC1D46060

Identifiers

  • None

saaj-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/saaj-api.jar
MD5: 1C647B18F83080838F5D654825A5555D
SHA1: 037CEB393DCD60AE76D8217FD1ACF940089EEEE4

Identifiers

  • None

mimepull.jar

Description:  Provides a streaming API to access attachments parts in a MIME message.

License:

                COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
            : http://www.opensource.org/licenses/cddl1.php

                GPLv2 with classpath exception
            : http://www.gnu.org/software/classpath/license.html
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/mimepull.jar
MD5: 69D2A91B124D09E58FE2B7EAD2CA830F
SHA1: CA38C772B7F680F1ACE62C7D38779AA8A331D4B4

Identifiers

  • None

org-openide-nodes_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-nodes_pt_BR.jar
MD5: F14C9C2F33DD9FC266C8407785A90AB1
SHA1: A95AC06F326B0EDF7DDA221B90716AAA35F20529

Identifiers

  • None

org-jdesktop-layout_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-layout_ja.jar
MD5: 4F8FDABDBC56538F017F3D6C9F3414FD
SHA1: 967EF65D9071DD7088AB5170E8FA6ABDD8860D68

Identifiers

  • None

org-openide-loaders_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-loaders_pt_BR.jar
MD5: 4BF55A2A7DED2D5899771A6A76B2C324
SHA1: FA47D7AB605CDB8B15C34EC5F3A1587FCDB98BCE

Identifiers

  • None

core-renderer.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/core-renderer.jar
MD5: F72F76B270497A21C59D012F37A6DAF7
SHA1: 6CEB8D5DCFEF6CD92EC39D3B8DED0374605637C8

Identifiers

  • None

org-openide-execution.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-execution.jar
MD5: 43E895B9340CF4836C392A97C64659F2
SHA1: EFCFCB551FB19301C541597183114F2C66B15072

Identifiers

  • None

commons-logging-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/commons-logging-api.jar
MD5: 6C295D399582842DBA8EA375239C2C66
SHA1: 28B4E6C985E840DEE33A82A84781A09E2B481D22

Identifiers

  • None

org-openide-util_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-util_zh_CN.jar
MD5: 4F404A919F506FE8176A4B7F97E79FFF
SHA1: 02BDD13154E97F39C29E035BCB7FACAFEBF3C62F

Identifiers

  • None

sac-1.3.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/sac-1.3.jar
MD5: E2A7D5B2FD568EC636A60689D0D69116
SHA1: 3764096F289F38736CCC6755D97A5848FCE7D125

Identifiers

  • None

org-openide-awt.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-awt.jar
MD5: EB797464906243761468DB6FBF2DF84D
SHA1: D1F265460A6E3D4622BDC841B9EE5B91198FAED8

Identifiers

  • None

org-jdesktop-beansbinding_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-beansbinding_pt_BR.jar
MD5: 8EB84016920A6AD91C6036A8C0F16055
SHA1: E8D01B422D36B13D8C4964D99E3BD91B28893F15

Identifiers

  • None

ant-apache-resolver.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-resolver.jar
MD5: 4496EC09226B93ABFF0375FEFFC5E2D3
SHA1: 02F1CDC53909D44BBB4302BE3C89BE8F36121418

Identifiers

  • None

management-api.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/management-api.jar
MD5: AB280550B09D9340B5E923754014BCDF
SHA1: 5016F1CC91CD457284E8F62D661384F2BAF2C66E

Identifiers

  • None

jbrejb14.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/jbrejb14.jar
MD5: 8E9F1BCE2B901033DBEA45CB3F7327FF
SHA1: C5AE47962380048F0374791A23C68C6403735E6C

Identifiers

  • None

org-mozilla-rhino-patched_zh_CN.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-mozilla-rhino-patched_zh_CN.jar
MD5: 10E0F2D2E25A366C2B74675AE6B5DF6F
SHA1: 0B262222640C563BEAA10B241F7312F1D9D1DB68

Identifiers

  • None

org-jdesktop-beansbinding_ja.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-beansbinding_ja.jar
MD5: 57B3B2C5DC36B78F83719AA56EB84E91
SHA1: F0C371DDFB513D88496E7AD52B34E69CEA84AE0F

Identifiers

  • None

org-openide-dialogs_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-dialogs_pt_BR.jar
MD5: 65B30E4DD866E27BCF71F60C4C78355D
SHA1: C384FB4EB9E6366BAC22AA3E5DAA475DA273C743

Identifiers

  • None

org-jdesktop-layout_pt_BR.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-jdesktop-layout_pt_BR.jar
MD5: 26F2FA7F2FB42C5DF00A8B9C04BE45D6
SHA1: A07C2E57B8391BDB25A7CC7BE7B14C629E08F582

Identifiers

  • None

org-openide-nodes.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-nodes.jar
MD5: 7DDE12D517B79183585A1DE2AAC6FFD7
SHA1: 1EE314C8DB2AD6B6434DD36CFDCCCA053746C237

Identifiers

  • None

org-openide-dialogs.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/org-openide-dialogs.jar
MD5: 29ACB80AA2449165C5DDADBF0FC9D88F
SHA1: C45A3EC7197105132AF9157752F0C26BD323D06D

Identifiers

  • None

ant-apache-regexp.jar

File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/ant-apache-regexp.jar
MD5: 242C2AD954DB1943F08458869C8784F4
SHA1: F7DEF78EFA1F8190CE294EFEC2661F955364C5A1

Identifiers

  • None

osgi.cmpn-4.2.jar

Description: OSGi Service Platform Release 4 Version 4.2, Compendium Interfaces and Classes for use in compiling bundles.

License:

http://opensource.org/licenses/apache2.0.php; link="http://www.apache.org/licenses/LICENSE-2.0"; description="Apache License, Version 2.0"
File Path: /home/bcraig/Documents/Thesis/Analysis/reports/netbeans/3rdParty/osgi.cmpn-4.2.jar
MD5: 4A250D6939FEA1CB3E2574AF659F3739
SHA1: 972E6455724DC6ADB1C1912F53B5E3D7DF20C5FD

Identifiers

  • None


This report contains data retrieved from the National Vulnerability Database.